Best Practices with Single Sign-On – Assess Your Organization's Readiness

Written by Deepak Rajgopal

July 30, 2019

This checklist is designed to offer guidance to decision makers in enterprises, small and mid-tier organizations, government agencies or other organizations to assess single sign-on (SSO) systems, as well as for SSO developers to ensure that what they have provided is equipped to detect the possibilities of exchanging identification and authentication credentials.

This checklist will provide you with:

  • The most important metrics to consider
  • Making sure that your SSO system is fully SSO enabled
  • A handy matrix form for you to see what each vendor has to offer

Checklist for Single Sign-on Systems

 

Key Metrics / Does the SSO Support
Application Integration
  • On-premises
  • On cloud
  • Hybrid
Community Support
  • Employees
  • Contractors
  • Partners/Vendors
  • Customers
End users or customers
  • Facebook
  • Google
Password Vaulting vs True SSO
  • User enters username+password to access apps/sites
  • User logs in a single time to access apps/sites
Open Standards
  • SAML
  • OpenID Connect
  • OAuth 2
  • WS-Federation
Mobile Users
  • SSO for mobile devices
  • Work with various devices with SAML and MDM vendors
  • MFA Authentication tool
Meet Security regulatory compliance
  • SOC 2 Type 2
  • ISO 27117
  • ISO 2701
  • ISO 27001
  • CSA STAR
  • TRUSTe
  • US Privacy Shield
  • Skyhigh Enterprise-Ready
  • GDPR
  • EU Model Contract Clauses
  • NIST Cybersecurity Framework
  • Vendor penetration, network and bug tests
Disaster Recovery Availability
  • 99.99% availability
  • Across data centers located across regions
  • Replication and redundancy across regions
High usability features
  • Single portal for apps
  • Integration with different browsers
  • Easy login process
  • Easy app access process
  • Users can reset passwords on their own
Enterprise access
  • Integrates with VPN
  • Integrates with wi-fi for app access
  • Endpoints integration with RADIUS and LDAP
Authentication
  • MFA
  • Adaptive authentication
  • Automated authentication
  • X.509-based certificates
Authorization Management
  • RBAC access
  • Provisioning and de-provisioning of user access in apps
Integration features
  • Seamless integration with in-house custom apps through API
  • Seamless deployment of SSO without disturbing existing apps
Federation
  • Existing identity providers like Microsoft Active Directory (AD)
  • Amazon AD
  • LDAP
  • Google directory
  • Human resource management systems such as Workday, SuccessFactors
Password rules
  • Set up a new password when it expires
  • Set password complexity such as length, characters
  • Reduce support tickets during expiration notifications
  • MFA requirements for password resets if MFA is used
Developer Support - custom apps and third-party systems
  • API support
  • SSO registration
  • SDK for major platforms and languages
  • OpenID Connect
Compliance based reporting
  • External authorization to third party SIEM solutions
  • Audit trails
User Behaviour Analytics (UBA)
  • Allow blacklisting and whitelisting of geo-locations and IPs
  • Set responses to high-risk login attempts
  • Re-authentication to access certain apps with MFA tools
Data processing model
  • Where identity data is processed and stored

 

 

 

 

 
